Device independent authentication system and method

Abstract

A system is disclosed which facilitates authentication processes with web-enabled wireless devices, including those that do not support the use of cookie files. To facilitate such authentication, a web server analyzes an HTTP request file from a communication device for the presence of security token data. Where none is found, a client is directed to a login page for input of authentication data, such as a user name and password information. Upon proper authentication, the client's communication device is issued a security token using standard HTML—INPUT tags. Thereafter, the web server determines if each additional HTTP request file received from the client includes a security token before responding to the request.

Description

CROSS REFERENCE TO RELATED APPLICATIONS[0001]This application claims priority to, and the benefit of, U.S. Provisional Application Ser. No. 60 / 419,363, filed Oct. 18, 2002.TECHNICAL FIELD[0002]The present invention generally relates to wireless internet communications, and more particularly, to systems and methods for initiating secure sessions with web-browsing enabled wireless devices that do not support cookies.BACKGROUND INFORMATION[0003]The term “cookie” generally refers to a text-based file generated by a web server and stored on a client's computer for later retrieval when, for example, the client enters a website. A cookie file generally facilitates client navigation within a web site and enable web sites to gather information about users entering the site.[0004]In particular, the cookie file is typically a named piece of data that a web server sends to the client computer, which instructs the client computer to store and send the cookie back to the server each time the clie...

AI Technical Summary

Benefits of technology

"The present invention provides systems and methods for authentication and session tracking with web-enabled wireless devices, even those that do not support the use of cookie files. The host web server analyzes HTTP request files for the presence of security token data, and if none is found, directs the client to a login page for the input of authentication data. The client's communication device is then issued a security token using standard HTML—INPUT tags by the host web server. The host web server also determines if each additional HTTP request file received from the client includes a security token before responding to the request. The security token obtained from the web server may be stored on the communication device, in encrypted form, utilizing standard HTML—INPUT tags. Additional validation processes are also provided, such as analyzing device identifying information, including URL information, client browser information, and client agent identification information associated with the HTTP requests."

Problems solved by technology

Most cookies are also time-sensitive, meaning the cookie is often associated with an expiration date, after which the client computer no longer sends the cookie to the associated server and the client computer removes the cookie from its internal database.

However, it also means that a session may not be defined by a single persistent connection.

However, these devices usually pose significant challenges to web site operations, particularly in systems seeking to conduct secure sessions, session tracking, and other functionality typically associated with cookie files.

Most wireless devices do not support the use of cookie files for various reasons, most notably is memory limitations on the wireless device.

However, wireless devices typically do not have sufficient memory to handle these types of files, making such memory intensive interfaces problematic.

However, protocols for obtaining such information is often device specific such that a server is not always able to determine how to obtain this type of information from a particular device.

Moreover, such methods often leave artifacts of device-specific information on third-party servers that are susceptible to cloning.

Finally, some gateways do not store all types of cookies files.

Here, however, the length of such URL strings tend to become very long, and often surpasses the management capability of many wireless devices.

However, this approach is also problematic in that client ID and password data are typically inputted through a Popup logon box, and many wireless devices are not compatible with this type interface.

Images